On Mon, Jul 31, 2017 at 5:28 PM, Andrew Gallagher <andr...@andrewg.com> wrote:
> There are two enormous holes in this argument:
>
> 1. If the people you communicate with regularly don't do "gpg
> --refresh-keys" regularly they won't find out whether *anything* has
> *ever* been revoked.

A good practice is to define close expiration dates for keys and subkeys, and regularly postpone them (or renew subkeys), which is only possible with the "master" offline key and not with the possibly compromised subkeys. This forces those people who never refresh keys to do it, or complain, or, for most of them, abandon PGP because they get painful warnings and this stupid thing does not work.

Furthermore, if you start sending messages signed with a new subkey, people who have not refreshed your key will get error messages, hopefully refresh the key (or complain or abandon PGP), and get both the revocation certificates and the new subkeys. Without even having to understand what happens.

Definitely, having different keys for signing and certifying looks OK to me.

> But so long as your passphrase is good, it
> shouldn't matter whether an attacker has a copy of your encrypted
> privkey

I prefer having an easy to type (and weak) passphrase, and rely on full disk encryption with a big, big passphrase I only type once in a while. Am I wrong?

Strange tuto... Using a laptop, caring about security (which is deduced from the use of PGP), and not considering having the storage memory encrypted.

--
Gabriel
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
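As an added illustration of the short-expiry practice discussed in this message (not part of the original post or of GnuPG itself), the following Python sketch audits `gpg --list-keys --with-colons` output and reports which primary keys and subkeys have no expiry, are already expired, or need their expiry extended soon with the offline primary key. The sample listing, the key IDs, the function name `audit_expiry` and the 45-day warning window are constructed assumptions; timestamps are assumed to be epoch seconds, as GnuPG 2.x emits them.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of `gpg --list-keys --with-colons` output.
# Key IDs, dates and the user ID are made up for this example.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1483228800:::u:::cSC:
uid:u::::1483228800::0000::Example User <user@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1483228800:1504224000:::::s:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1483228800:1514764800:::::e:
sub:e:4096:1:DDDDDDDDDDDDDDDD:1451606400:1483228800:::::s:
"""


def audit_expiry(colons, now, warn_days=45):
    """Return (record, keyid, capabilities, status) for each pub/sub record.

    Colon-format fields used: 1 = record type, 2 = validity,
    5 = key ID, 7 = expiration date, 12 = key capabilities.
    """
    findings = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue  # skip uid, fpr and other record types
        keyid, expires, caps = f[4], f[6], f[11]
        if f[1] == "r":
            status = "revoked"
        elif not expires:
            status = "no-expiry"  # correspondents are never forced to refresh
        else:
            # Assumption: epoch seconds (not the ISO 8601 timestamp form).
            exp = datetime.fromtimestamp(int(expires), tz=timezone.utc)
            if exp <= now:
                status = "expired"
            elif exp - now <= timedelta(days=warn_days):
                status = "extend-soon"  # needs the offline primary key
            else:
                status = "ok"
        findings.append((f[0], keyid, caps, status))
    return findings


if __name__ == "__main__":
    for row in audit_expiry(SAMPLE, datetime(2017, 8, 1, tzinfo=timezone.utc)):
        print(*row)
```

To run it against a real keyring, pass the text produced by `gpg --list-keys --with-colons` in place of `SAMPLE` and the current UTC time as `now`.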